Page 1 of 21
WGU D320 - MANAGING CLOUD SECURITY
EXAM | FREQUENTLY TESTED QUESTIONS
WITH CORRECT ANSWERS | BRAND NEW!
Which type of management focuses on arranging all the
elements needed to deploy new software, including QA testing
and staging, before the software enters active maintenance? -
✔✔✔ Correct answer > Release management (RM)
A security analyst is tasked with collecting evidence related to a
data breach involving monetary theft. Which action should the
security analyst take when accessing the breached system? -
✔✔✔ Correct answer > Create an encrypted backup of all data
During an investigation, government agents asked a security
professional to collect the records stored in a database and
present them to the court. Which process should the security
professional use to identify and obtain that information? - ✔✔✔
Correct answer > Electronic discovery
The service at a cloud provider has been interrupted. Which
group should this cloud provider contact with information about
,Page 2 of 21
the expected window for which the services will be down as per
a contractual agreement? - ✔✔✔ Correct answer > Customers
An online store has declared a disaster situation because of a
large storm in the area of its primary cloud data center location.
The emergency plan has allowed the store to remain online and
accept payments, but it has fallen out of compliance with its
Payment Card Industry Data Security Standard (PCI DSS)
practices. Which party should the store keep apprised of ongoing
developments and the potential solutions being considered? -
✔✔✔ Correct answer > Regulators
Which type of communication channel should be established
between parties in a supply chain to be used in a disaster
situation? - ✔✔✔ Correct answer > Secondary
An organization's engineers recently attended a training session
designed to raise awareness of the dangers of using insecure
direct object identifiers to view another user's account
information. Which Open Web Application Security Project
(OWASP) Top 10 vulnerability category did their training cover? -
✔✔✔ Correct answer > Broken access control
An organization's engineers recently attended a training session
that raised their awareness of the dangers of using weak
algorithms or protocols for data security. Which Open Web
, Page 3 of 21
Application Security Project (OWASP) Top 10 vulnerability
category did their training cover? - ✔✔✔ Correct answer >
Cryptographic failures
A company plans to deploy a new application. Before the
deployment, the company hires an IT security consultant to
perform a zero-knowledge test to access the application as an
external hacker would. Which testing technique applies to the
work the consultant is performing? - ✔✔✔ Correct answer > Black box
Which concept refers to multiple teams and roles within an
organization that perform testing on code from end to end to
ensure that the code meets all standards and requirements? -
✔✔✔ Correct answer > Quality assurance
What is the purpose of implementing rate limiting in application
programming interface (API) security? - ✔✔✔ Correct answer > To
prevent API overuse
An organization wants to ensure that untested software updates
provided by a third-party vendor are not run in its mission-
critical environment. What should the organization use in this
scenario? - ✔✔✔ Correct answer > Manual updates
WGU D320 - MANAGING CLOUD SECURITY
EXAM | FREQUENTLY TESTED QUESTIONS
WITH CORRECT ANSWERS | BRAND NEW!
Which type of management focuses on arranging all the
elements needed to deploy new software, including QA testing
and staging, before the software enters active maintenance? -
✔✔✔ Correct answer > Release management (RM)
A security analyst is tasked with collecting evidence related to a
data breach involving monetary theft. Which action should the
security analyst take when accessing the breached system? -
✔✔✔ Correct answer > Create an encrypted backup of all data
During an investigation, government agents asked a security
professional to collect the records stored in a database and
present them to the court. Which process should the security
professional use to identify and obtain that information? - ✔✔✔
Correct answer > Electronic discovery
The service at a cloud provider has been interrupted. Which
group should this cloud provider contact with information about
,Page 2 of 21
the expected window for which the services will be down as per
a contractual agreement? - ✔✔✔ Correct answer > Customers
An online store has declared a disaster situation because of a
large storm in the area of its primary cloud data center location.
The emergency plan has allowed the store to remain online and
accept payments, but it has fallen out of compliance with its
Payment Card Industry Data Security Standard (PCI DSS)
practices. Which party should the store keep apprised of ongoing
developments and the potential solutions being considered? -
✔✔✔ Correct answer > Regulators
Which type of communication channel should be established
between parties in a supply chain to be used in a disaster
situation? - ✔✔✔ Correct answer > Secondary
An organization's engineers recently attended a training session
designed to raise awareness of the dangers of using insecure
direct object identifiers to view another user's account
information. Which Open Web Application Security Project
(OWASP) Top 10 vulnerability category did their training cover? -
✔✔✔ Correct answer > Broken access control
An organization's engineers recently attended a training session
that raised their awareness of the dangers of using weak
algorithms or protocols for data security. Which Open Web
, Page 3 of 21
Application Security Project (OWASP) Top 10 vulnerability
category did their training cover? - ✔✔✔ Correct answer >
Cryptographic failures
A company plans to deploy a new application. Before the
deployment, the company hires an IT security consultant to
perform a zero-knowledge test to access the application as an
external hacker would. Which testing technique applies to the
work the consultant is performing? - ✔✔✔ Correct answer > Black box
Which concept refers to multiple teams and roles within an
organization that perform testing on code from end to end to
ensure that the code meets all standards and requirements? -
✔✔✔ Correct answer > Quality assurance
What is the purpose of implementing rate limiting in application
programming interface (API) security? - ✔✔✔ Correct answer > To
prevent API overuse
An organization wants to ensure that untested software updates
provided by a third-party vendor are not run in its mission-
critical environment. What should the organization use in this
scenario? - ✔✔✔ Correct answer > Manual updates
